Posted by timothy on Thursday April 17, 2014 @11:21AM from the all-tor-up dept.

msm1267 (2804139) writes "The Tor Project has published a list of 380 exit relays vulnerable to the Heartbleed OpenSSL vulnerability that it will reject. This comes on the heels of news that researcher Collin Mulliner of Northeastern University in Boston found more than 1,000 nodes vulnerable to Heartbleed where he was able to retrieve plaintext user traffic. Mulliner said he used a random list of 5,000 Tor nodes from the Dan.me.uk website for his research; of the 1,045 vulnerable nodes he discovered, he recovered plaintext traffic that included Tor plaintext announcements, but a significant number of nodes leaked user traffic in the clear."

... to what Tor already leaks, is the previous hop from which the exit traffic came, and possibly metadata on other tunnels relayed by (but not terminated at) the node. If the relayed connection is SSL/TLS encrypted, that encryption is end-to-end from the original client to the server; sniffing some exit-node memory does not help you there. If the related connection is in the plain, then, well, then sniffing the exit node's memory does not tell you any more than you already knew by looking at its plaintext traffic.

Now, Heartbleed is not completely harmless here: You may, if you're very lucky, be able to sniff the previous node name, but as Tor tunnels are longer than that, that does not help you much. Plus, tunnel endpoints tend to change every couple of minutes, making the cross section even smaller. Also, you may now be in a position to sniff data from nodes whose ISP network you do not control, allowing you to do network-wide attacks. That may in fact be the biggest problem.

Russia & China got nothing from Snowden. His material is being carefully vetted by journalists and experts before any is released. Snowden, rightly, chose others to decide what was safe to be released and how/what to redact parts. Bruce Schneier is one helping them in their analysis. Six members of Congress had Schneier brief them on some of the material because the NSA wouldn't answer their questions.

The point is that, if you know the IP address of the exit node, you can use the Heartbleed bug to examine its outgoing traffic even if you don't have control of the network the exit node is on. This makes intersection attacks much easier because you only need to have data from one end. If I control a network where I see some Tor users, all I have to do is use this exploit on exit nodes until I see outgoing traffic that matches the traffic I see on my own network. I can then link that data to clients on my network and Tor is defeated.
This attack is always possible if you control both the client's network and the end point they are communicating with (or some piece of the network between the exit node and the end point), but with this attack you don't need to actually control any part of the network on the exit side because you can just query the exit nodes directly and they will tell you themselves.